Hash-function based PRFs: AMAC and its multi-user security

M Bellare, DJ Bernstein, S Tessaro - … on the Theory and Applications of …, 2016 - Springer
Annual International Conference on the Theory and Applications of …, 2016, Springer
Abstract
AMAC is a simple and fast candidate construction of a PRF from an MD-style hash function which applies the keyed hash function and then a cheap, un-keyed output transform such as truncation. Spurred by its use in the widely-deployed Ed25519 signature scheme, this paper investigates the provable PRF security of AMAC to deliver the following three-fold message: (1) First, we prove PRF security of AMAC. (2) Second, we show that AMAC has a quite unique and attractive feature, namely that its multi-user security is essentially as good as its single-user security and in particular superior in some settings to that of competitors. (3) Third, it is technically interesting, its security and analysis intrinsically linked to security of the compression function in the presence of leakage.